On August 25, 2023, the Government of the Republic of Serbia adopted the Personal Data Protection Strategy for the period 2023-2030 (“Strategy”).
The Strategy was prepared in accordance with other planning documents, i.e., programs of planning and coordination of public policies. When drafting the Strategy, the processes of European integrations, i.e., the framework by which the EU measures the progress of the candidate countries with regards to personal data protection were also taken into account. In addition, the key international acts were considered, and national laws relevant to the subject matter were analyzed as well.
Namely, the Strategy includes an overview and analysis of the current situation, where numerous shortcomings of the existing Law on Personal Data Protection (Official Gazette of RS no. 87/2018) (“the Law”) were identified as key problems in this respect. Namely, although the Law largely contains provisions taken from the GDPR, the solutions provided for therein are not appropriately adapted to local conditions, which makes it difficult for both the controllers, i.e., the processors, and the regulatory bodies.
In addition to the above, the Strategy includes a vision Protected data – safer citizens, while its general objective is Respecting the right to protection of personal data in all areas of life. The achievement of the aforesaid general objective is planned through the attainment of three specified goals, namely:
- improvement of functional mechanisms of personal data protection;
- improvement of awareness of the importance of the respective protection and of the ways of exercising rights; and
- improvement of the personal data protection system during the development and application of information and communication technologies in digitization processes.
Namely, the Strategy emphasizes the need to improve the Law, but also to harmonize other regulations with the provisions thereof, i.e., rules regarding the personal data protection, and to regulate the use of equipment for audio and video surveillance, as well as the use of genetic and biometric data.
In addition to the above, the Strategy announced a harsher penal policy for breaching obligations concerning personal data protection, emphasizing that the model used by the Commission for the Protection of Competition should be applied in this regard, according to which, in the event of a violation of regulations in the respective matter, the Commission itself can impose a fine, whereby the amount thereof depends on the company’s income.
It was also announced that the institutional capacities of the Commissioner for Information of Public Importance and Personal Data Protection shall be strengthened, by providing additional regional offices, and by increasing the number of persons specialized for personal data protection in the bodies dealing with the subject issues, through their education.
This article is to be considered as exclusively informative, with no intention to provide legal advice. If you should need additional information, please contact us directly.
By Ivana Ruzicic, Partner, and Lara Maksimovic, Senior Associate, PR Legal
